Web Security Dev Academy - 12-week online program

16h 37m 20s
English
Paid

Course description

Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.

What you will receive:

  • A complete understanding of web application security models - from theory to practice
  • Knowledge of typical vulnerabilities and methods to prevent them at an industry-standard level
  • Skills in designing and implementing a secure role-based access model in a real full-stack application
  • Understanding and ability to securely implement OAuth/OIDC flows for different scenarios

Who the course is suitable for:

  • Full-stack developers looking to enhance their security skills
  • Frontend developers concerned with client-side application security
  • Backend developers striving for secure server logic architecture
  • Application security engineers wanting a deeper understanding of practical implementation
  • System administrators interested in security from a code perspective

Who the course is not suitable for:

  • Those unfamiliar with JavaScript and HTML
  • Beginners with no experience in web development
  • Those looking for foundational IT or network security knowledge
  • Developers focused on design and UX

You will learn to:

  • Develop secure web applications without blindly relying on frameworks
  • See security as a comprehensive task, covering both frontend and backend
  • Integrate security into the daily development process
  • Apply practices that truly work in real-world conditions

Practical project:

You will secure a full-fledged personal expense tracking application consisting of the following modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both the client and server sides.

Main stack: Angular and Node.js with TypeScript. However, the first 5 modules of the course are technology-neutral, allowing you to adapt the knowledge to any stack.

All Course Lessons (129)

| # | Lesson Title | Duration | Access |
|---|---|---|---|
| 1 | Welcome lesson | 01:34 | Demo |
| 2 | Program structure and topics | 03:06 | |
| 3 | Training outcomes | 02:11 | |
| 4 | What you need | 02:03 | |
| 5 | Your first task | 01:13 | |
| 6 | Welcome lesson | 00:39 | |
| 7 | Same-origin policy | 06:29 | |
| 8 | Cross-origin resource sharing | 02:37 | |
| 9 | Same-origin policy [LABS] | 07:34 | |
| 10 | Cross-origin resource sharing [LABS] | 03:11 | |
| 11 | Content Security Policy | 07:11 | |
| 12 | Content Security Policy [LABS] | 22:54 | |
| 13 | Content Security Policy - Reporting [LABS] | 02:45 | |
| 14 | Subresource Integrity [LABS] | 03:16 | |
| 15 | Homework | 00:59 | |
| 16 | Welcome lesson | 00:33 | |
| 17 | Client-side security boundaries | 09:23 | |
| 18 | Server-side security | 09:13 | |
| 19 | HTTPS | 06:02 | |
| 20 | Sessions vs. Tokens | 17:21 | |
| 21 | When to use Sessions vs. JWT Tokens | 05:52 | |
| 22 | Homework | 02:08 | |
| 23 | Welcome lesson | 01:01 | |
| 24 | OWASP Top 10 | 20:22 | |
| 25 | Cross-site scripting | 11:17 | |
| 26 | Cross-site scripting [LABS] | 15:49 | |
| 27 | Cross-site request forgery | 10:15 | |
| 28 | Cross-site request forgery [LABS] | 18:44 | |
| 29 | JWT Hacking | 14:33 | |
| 30 | Other security vulnerabilities | 01:51 | |
| 31 | Welcome lesson | 00:19 | |
| 32 | Application overview | 10:59 | |
| 33 | Application presentation | 03:04 | |
| 34 | Application architecture | 10:09 | |
| 35 | Authentication vs. authorization | 07:23 | |
| 36 | Secured Angular part | 07:55 | |
| 37 | Secured API | 10:19 | |
| 38 | Node.js application setup | 03:37 | |
| 39 | Homework | 01:48 | |
| 40 | Welcome lesson | 01:00 | |
| 41 | Features overview | 13:54 | |
| 42 | Login feature [Angular] | 14:00 | |
| 43 | Login feature [Node] | 19:47 | |
| 44 | Sign up feature [Angular] | 05:23 | |
| 45 | Sign up feature [Node] | 15:01 | |
| 46 | Router Guards | 05:42 | |
| 47 | Http Interceptors | 08:09 | |
| 48 | Homework | 01:16 | |
| 49 | Welcome lesson | 00:33 | |
| 50 | XSS prevention | 11:01 | |
| 51 | CSRF prevention | 12:39 | |
| 52 | HttpOnly and Secure Cookies | 02:06 | |
| 53 | UserAuth object | 06:27 | |
| 54 | Conditional components visibility | 08:55 | |
| 55 | Homework | 01:00 | |
| 56 | Welcome lesson | 00:59 | |
| 57 | UserAuth object | 04:45 | |
| 58 | Server-side session | 03:11 | |
| 59 | Logging access and application events | 23:25 | |
| 60 | Throttling failed logins | 13:29 | |
| 61 | Input sanitization and validation | 12:25 | |
| 62 | Preventing calls without the proper role | 07:08 | |
| 63 | Preventing calls without the ownership | 03:23 | |
| 64 | Setting up CORS | 02:42 | |
| 65 | Homework | 01:35 | |
| 66 | Welcome lesson | 01:06 | |
| 67 | Adding a new user to account [Angular] | 16:13 | |
| 68 | Adding a new user to account [Node] | 13:06 | |
| 69 | Confirming a new user for account [Angular] | 05:00 | |
| 70 | Confirming a new user for account [Node] | 01:41 | |
| 71 | Password recovery | 11:49 | |
| 72 | Managing active sessions | 13:40 | |
| 73 | Welcome lesson | 02:06 | |
| 74 | Introduction to OAuth 2.0 | 09:59 | |
| 75 | Different client types and suitable OAuth flows | 18:51 | |
| 76 | Security measures in OAuth | 09:43 | |
| 77 | PKCE | 08:52 | |
| 78 | OpenID Connect | 11:48 | |
| 79 | Id Token with Implicit flow | 03:40 | |
| 80 | Id Token with Implicit flow [CODE] | 09:54 | |
| 81 | Authorization Code flow [CODE] | 25:33 | |
| 82 | OAuth/OIDC Homework | 03:38 | |
| 83 | Multi-factor authentication introduction | 12:07 | |
| 84 | Two-factor authentication demo | 02:51 | |
| 85 | Requesting OTP [Angular] | 09:46 | |
| 86 | Validating OTP [Node] | 08:36 | |
| 87 | 2FA settings [Angular] | 05:19 | |
| 88 | 2FA settings [Node] | 04:14 | |
| 89 | External user management introduction | 18:23 | |
| 90 | Budget and Auth0 integration presentation | 01:59 | |
| 91 | Auth0 integration [Angular] | 03:08 | |
| 92 | Auth0 integration [Node] | 13:59 | |
| 93 | Homework | 00:54 | |
| 94 | Intro | 01:19 | |
| 95 | Getting started | 05:10 | |
| 96 | Basic match | 03:20 | |
| 97 | Basic allow | 02:17 | |
| 98 | Basic conditions | 03:33 | |
| 99 | Common examples | 05:31 | |
| 100 | Functions | 04:30 | |
| 101 | Read other documents | 03:58 | |
| 102 | Chat example | 04:49 | |
| 103 | Role-based auth example | 05:44 | |
| 104 | Security testing introduction | 02:49 | |
| 105 | Setting up mock Firestore | 04:01 | |
| 106 | Unit testing with mock data | 03:59 | |
| 107 | Debugging security rules | 02:05 | |
| 108 | Welcome lesson | 03:05 | |
| 109 | Personal data introduction | 21:21 | |
| 110 | Privacy Policy | 21:38 | |
| 111 | Terms and Conditions | 02:52 | |
| 112 | GDPR and regulations in the World | 13:55 | |
| 113 | Cookies | 15:10 | |
| 114 | Summary | 05:43 | |
| 115 | Introduction | 02:53 | |
| 116 | Same-origin Policy | 02:02 | |
| 117 | User authentication | 03:35 | |
| 118 | Origin spoofing | 01:40 | |
| 119 | Input validation | 03:22 | |
| 120 | TCP tunneling | 04:19 | |
| 121 | Denial of Service (DoS) | 02:10 | |
| 122 | WSS Encryption | 00:59 | |
| 123 | Simple WebSocket demo [LABS] | 05:03 | |
| 124 | Content Security Policy [LABS] | 02:25 | |
| 125 | Authentication [LABS] | 08:55 | |
| 126 | Cross-site WebSocket hijacking [LABS] | 02:23 | |
| 127 | Goodbye and kind request | 01:41 | |
| 128 | LIVE: Module 3 @ 20/06/2024 | 36:24 | |
| 129 | Secure Serverless Development @ Marek Sottl | 01:07:11 | |
